The Threat Show

The Threat Show Ep. 27 w/ Graham Thompson

 

Graham Thompson is the founder and CEO of Privacy Dynamics, a data anonymizer designed for innovative and ethical data teams. With over a decade of experience in the tech industry, including positions at Microsoft and Apple, Graham shares his insights on why organizations should invest in effective data segmentation to protect against supply chain attacks, responsible customer information management, the role of data anonymization in generative AI, and more.

Threat Landscape    (01:47)

Darien breaks down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Medusa ransomware crew brags about spreading Bing, Cortana source code    (03:10)

The Medusa ransomware group is engaged in a triple extortion operation, in which an attacker encrypts victims’ data, publishes it on the dark web, and publicly discloses what they’ve stolen. In this case, the Medusa group targeted Microsoft and reportedly leaked internal materials, including source code for Bing and Cortana.

Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure    (04:48)

An Iranian nation-state threat group called APT35 is targeting critical US infrastructure. The group has ramped up its operations and demonstrated an ability to weaponize zero-day vulnerabilities to conduct attacks and operations within roughly five days of the proof-of-concept code being available.

Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram    (05:55)

Atomic macOS is a new type of information-stealing malware targeting macOS users. It can be installed by exploiting vulnerabilities or when unsuspecting users fall for phishing websites.

Decoy Dog Malware Threatens Enterprise Networks    (07:07)

Decoy Dog is a new type of malware going after enterprise networks. It compromises organizations and uses the Domain Name System (DNS) as its means of command and control. Its use of DNS is similar to domain name generation algorithms, but it’s much more sophisticated and difficult to track.

Supply Chain Attack Leads to 3CX Hack and Other Supply Chain Attacks    (08:23)

The recent supply chain attack that compromised 3CX occurred because of an earlier compromise of ‘X_Trader’, third-party software that 3CX used. This is the first public example of a two-stage supply chain attack causing major harm across two or more seemingly different industry verticals.

Interview with Graham Thompson    (10:05)

Graham shares his insights on why organizations should invest in effective data segmentation to protect against supply chain attacks, responsible customer information management, the role of data anonymization in generative AI, and more.